Matching TCP packets and its application to the detection of long connection chains on the Internet

Author

Yang, Jianhua ; Huang, Shou-Hsuan Stephen

Author_Institution

Dept. of Comput. Sci., Houston Univ., TX, USA

Volume

1

fYear

2005

fDate

28-30 March 2005

Firstpage

1005

Abstract

Network attackers usually launch their attacks behind a long connection chain. One way to stop such attacks is to prevent the attackers from using computers as "stepping-stones" for their attacks. A "Step-Function" method has been proposed to detect the length of a connection chain from a host to the victim machine. The algorithm is based on the changes in packet round trip times. Due to many network protocol issues, it is impossible to match all such packets correctly. We propose two algorithms to match TCP packet in real-time. The first algorithm matched fewer packets but the matching is correct. The second one matches more packets with some uncertainty on the correctness. The two algorithms gave almost identical results in determining the length of a connection chain. The algorithm gives a way to stop stepping-stone intrusion on the Internet in real-time.

Keywords

Internet; security of data; telecommunication security; transport protocols; Internet; TCP packet matching; conservative algorithm; heuristic algorithm; long connection chain detection; network attacks; stepping-stone intrusion detection; Application software; Change detection algorithms; Computer science; Cryptography; Electronic mail; Heuristic algorithms; IP networks; Internet; Protocols; Uncertainty;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications, 2005. AINA 2005. 19th International Conference on

ISSN

1550-445X

Print_ISBN

0-7695-2249-1

Type

conf

DOI

10.1109/AINA.2005.240

Filename

1423618